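# NixOS module: runs code-server inside a declarative NixOS container on a
# private veth network and publishes it through the host's nginx with
# ACME-issued TLS.
{ config, pkgs, lib, inputs, ... }:

# TODO:
# * [x] generate a ssh key if not existing
# * [ ] automatically pull the repo on boot, do i need keys for that?
# * [ ] customize the shit out of vscode
# * [ ] don't ignore PDFs
# * [ ] run the whole thing in a xvfb? should enable drawio and curv

let
  domain = "${config.networking.hostName}.${config.networking.domain}";
  mkDomain = subname: "${subname}.${domain}";
  hostName = config.networking.hostName;
  container-name = "code-server-pandoc-papers";
  # Evaluated configuration of the container, used below to read its code-server port.
  container = config.containers.${container-name}.config;
in {

  # Masquerade traffic from container veth interfaces (ve-*) out of eno1.
  networking.nat = {
    enable = true;
    internalInterfaces = ["ve-+"];
    externalInterface = "eno1"; # TODO: can i make this automatic?
    #enableIPv6 = true;
  };

  #imports = [
  #  "/home/pbsds/repos/nixpkgs-trees/containers-mkdir/nixos/modules/virtualisation/nixos-containers.nix"
  #];
  #disabledModules = [
  #  "virtualisation/nixos-containers.nix"
  #];

  # data can be destroyed with `nixos-container destroy code-server-pandoc`
  containers.${container-name} = {
    autoStart = true;

    # The container gets its own network namespace with a veth pair to the host.
    # This is isolation, not "no network access": networking.nat above NATs
    # ve-+ traffic through eno1, so the container can presumably still reach
    # the outside. NOTE(review): drop the NAT block if it is meant to be offline.
    privateNetwork = true;
    hostAddress = "10.240.100.2";
    localAddress = "10.240.100.3";

    #forwardPorts = [
    #  {
    #    #hostAddress = "127.0.0.1"; # does not exist
    #    hostPort = 53754;
    #    containerPort = 53754;
    #    protocol = "tcp";
    #  }
    #];

    #bindMounts."/home" = {
    #  hostPath = "/var/lib/code-server";
    #  isReadOnly = false;
    #};

    # From here on `config`, `pkgs` and `lib` are the container's own;
    # `hostName` and `inputs` still come from the host module.
    config = { config, pkgs, lib, ... }: {
      system.stateVersion = "22.11";

      #imports = [ ];
      #home-manager.useGlobalPkgs = true; # brrr
      #home-manager.useUserPackages = true; # requiredm installs user packages to /etc instead of ~/.nix-profile
      #home-manager.users.${config.services.code-server.user} = { pkgs, config, ... }: {
      #  programs.git.enable = true;
      #  programs.git.userName = "Noximilien code-server";
      #  programs.git.userEmail = "theotheo@ntnu.no";
      #};

      # First-boot provisioning: create an SSH key pair and a writable copy of
      # the papers repository in the code-server user's home directory.
      systemd.services.initial-setup = {
        enable = true;
        wantedBy = [ "code-server.service" ];
        before = [ "code-server.service" ];
        # With the default Type=simple, `before` only orders the fork of the
        # script, so code-server could start before ~/repo exists. oneshot
        # makes systemd wait for the script to exit first.
        serviceConfig.Type = "oneshot";
        # TODO: run as the correct user
        serviceConfig.User = config.services.code-server.user;
        serviceConfig.Group = config.services.code-server.group;
        # TODO: make the ssh key comment automatic
        #
        # The generated key has no passphrase, so it is only as protected as
        # the container's state directory; if it is ever registered with a git
        # host, scope it as narrowly as possible (e.g. a read-only deploy key).
        # The curl line in the script is a shell comment, but Nix still
        # interpolates pkgs.curl into it.
        script = ''
          test -s "$HOME/.ssh/id_ed25519.pub" || {
            test -d "$HOME/.ssh" || mkdir -p -m 700 "$HOME/.ssh"
            ${pkgs.openssh}/bin/ssh-keygen -t ed25519 -a 100 -N "" -C "code-server@code-server-pandoc-${hostName}" -f "$HOME/.ssh/id_ed25519"
            echo
          }
          echo "My pubkey is:"
          cat "$HOME/.ssh/id_ed25519.pub"
          #${pkgs.curl}/bin/curl "https://github.com/pbsds.keys" | grep "$(cat $HOME/.ssh/id_ed25519.pub | cut -d" " -f-2)"

          test -d "$HOME/repo" || (
            set -x
            cp -a ${inputs.pbsds-papers.outPath} "$HOME/repo"
            # store paths are copied read-only; only the owning user needs write access
            chmod -R u+w "$HOME/repo"
            cd "$HOME/repo/neural-intersection-fields"
            ln -s ../.vscode .
          )
        '';
      };

      services.code-server = {
        enable = true;
        # Listens on every container interface over plain HTTP; TLS is only
        # added by the host's nginx. NOTE(review): confirm that nothing except
        # the host can route to the container address on this port.
        host = "0.0.0.0"; # container
        port = 53754;
        #user = "code-server";
        #group = "code.server";
        # a nice tool if you don't care about security: https://argon2.online/
        # NOTE(review): this hash is not a secret as written. The plaintext is
        # noted next to it, the value is committed with the configuration and
        # copied into the world-readable Nix store, and the cost parameters
        # (m=16 KiB, t=2, p=1) are far below current guidance (OWASP suggests
        # Argon2id with roughly 19 MiB of memory as a minimum). Rotate the
        # password, generate the hash locally instead of on a website, and
        # keep it out of the repository (e.g. via sops-nix or agenix).
        hashedPassword = "$argon2i$v=19$m=16,t=2,p=1$MHh5UGNtU1lWR1UySnhIZw$ITg8U7Gq2CXByuOOnrKVUg"; # hunter2
        # Folder that code-server opens on start.
        extraArguments = [
          "${config.users.users.${config.services.code-server.user}.home}/repo/neural-intersection-fields"
        ];
        package = pkgs.vscode-with-extensions.override {
          vscode = pkgs.code-server.overrideAttrs (old: {
            # vscode-with-extensions compatibility
            # https://github.com/NixOS/nixpkgs/pull/192889
            passthru.executableName = "code-server";
            passthru.longName = "Visual Studio Code Server";
          });
          #vscodeExtensions = with (import {}).vscode-extensions; [
          # Marketplace extensions are pinned by version and content hash, so a
          # changed upstream artifact fails the build instead of being
          # installed silently.
          vscodeExtensions = with pkgs.vscode-extensions; [
            shd101wyy.markdown-preview-enhanced
            sanaajani.taskrunnercode
            tomoki1207.pdf
          ] ++ pkgs.vscode-utils.extensionsFromVscodeMarketplace [
            {
              name = "new-railscasts";
              publisher = "carakan";
              version = "1.0.68";
              sha256 = "sha256-uZCAurvZu7QHjTR6ukmYbsI58GpfTo3shdoX/MH2ElA=";
            }
            {
              name = "theme-railscasts";
              publisher = "PaulOlteanu";
              version = "4.0.1";
              sha256 = "sha256-67RNcMr+hvzn2FvapkHLd8OdEBAz8w4cwsGlu0tbCNY=";
            }
            {
              name = "trailscasts";
              publisher = "mksafi";
              version = "1.2.3";
              sha256 = "sha256-mZ9I1BYf8x3lpl5/2sojk+5GMfhDqRBzs6nFkumlPKg=";
            }
            {
              name = "vscode-theme-railscasts-plus";
              publisher = "marlosirapuan";
              version = "0.0.6";
              sha256 = "sha256-8GyyxDeehFo/lGSmA6dfXZ3DMZ/B632ax+9q3+irjws=";
            }
            {
              name = "theme-railscast-next";
              publisher = "edus44";
              version = "0.0.2";
              sha256 = "sha256-RYk6X4iKoEQlKSVhydnwWQJqt884+HC9DZN2aqIbfNI=";
            }
            { # best, but no markdown
              name = "railscasts";
              publisher = "mrded";
              version = "0.0.4";
              sha256 = "sha256-vjfoeRW+rmYlzSuEbYJqg41r03zSfbfuNCfAhHYyjDc=";
            }
            {
              name = "beardedtheme";
              publisher = "BeardedBear";
              version = "7.4.0";
              sha256 = "sha256-8FY9my7v7bcfD0LH5AVNGI2dF1qMLnVp2LR/CiP01NQ=";
            }
          ];
        };
        # Tools on code-server's PATH: everything the papers repo's shell.nix
        # declares as inputs, plus imagemagick.
        extraPackages = let
          shellnix = import "${inputs.pbsds-papers}/shell.nix" { inherit pkgs; };
        in (with pkgs; [
          imagemagick
        ]) # for some reason it isn't passed from shell.nix
        ++ shellnix.buildInputs
        ++ shellnix.nativeBuildInputs
        ++ shellnix.propagatedBuildInputs
        ++ shellnix.propagatedNativeBuildInputs;
      };

      # Container-side firewall: only the code-server port is opened.
      networking.firewall = {
        enable = true;
        allowedTCPPorts = [ config.services.code-server.port ];
      };
    };
  };

  # Public entry point: nginx on the host terminates TLS and proxies to the
  # container over the veth link. That hop is plain HTTP, and WebSocket
  # proxying is enabled.
  services.nginx.virtualHosts.${mkDomain "code-server"} = {
    forceSSL = true; # addSSL = true;
    enableACME = true;
    #useACMEHost = acmeDomain;
    locations."/" = {
      #proxyPass = "http://127.0.0.1:${toString container.services.code-server.port}";
      #proxyPass = "http://10.240.100.3:${toString container.services.code-server.port}";
      proxyPass = "http://${config.containers.${container-name}.localAddress}:${toString container.services.code-server.port}";
      proxyWebsockets = true;
    };
  };
}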